Many healthcare organizations have observed first-hand what happens when you have compliance violations during an audit. Insecure environments in our digital age can (and often do) lead to hefty fines. However, there’s a classic tension between security and efficiency. This blog explores a solution that is universal to most industries. The focus of this post, however, is on healthcare environments.
HealthcareIDM.com just launched a few weeks ago and it got us thinking. We wanted to know what others were doing with this technology, and we decided to scour the web for other information regarding identity and access management in healthcare. We were thrilled when we saw our identity management connectors on Novell’s (now NetIQ) website.
As technology continually integrates with the modern workforce, user-related issues are bound to arise. Companies perpetually struggle to find the balance between safety and efficiency. This becomes particularly troublesome in the field of healthcare. Healthcare is the one industry where strict compliance rules often interfere with the ability to readily retrieve critical data, such as patient information. However, a healthy balance does exist in today’s world.
In our last post, “How IAM Helps with Sarbanes-Oxley (SOX), Part 1,” we covered the parts of the SOX law that can be addressed by implementing an identity and access management (IAM) solution. In that post, we talked about the first three buckets that auditors look for in SOX compliance findings, including confidentiality, integrity, and availability.
Sarbanes-Oxley (SOX) was signed into law back in 2002. SOX is aimed at giving investors confidence in the financial data provided by the company. The key part of the SOX Act is Section 404. Section 404, titled “Management Assessment of Internal Controls,” requires management to take responsibility for the integrity of their financial information. To accomplish this, IT processes, procedures, and systems must be evaluated to provide evidence that the company has kept sensitive data secured. While IT is not specifically addressed in the legislation, it is implied.